Using CLIPS to Detect Network Intrusions - (CLIPNIDS) Phase I MSE Project Sripriya Marry Committee Members Dr. David Gustafson (Major Professor) Dr. Rodney Howell Dr. Mitchell Nielsen

Overview  Problem Statement  Purpose and Motivation  Background  Project phases  Project Requirements  User Interface  Cost Estimation  Effort Distribution

Problem Statement Objective: To update CLIPNIDS with signatures of the latest network attacks, so that it detects unauthorized access to network resources by intruders and notifies the network administrators.

Purpose and Motivation  To gain expertise in Linux, C and GNU programming.  Inspired by SNORT.

Background Intrusion detection: Process of monitoring the events occurring in a computer system or network and analyzing them for signs of intrusion. Types of Intrusion Detection Systems:  Network-based IDS  Host-based IDS  Application-Based IDS

Types of Analysis:  Misuse Detection (signature-based: traffic is matched against patterns of known attacks)  Anomaly Detection (traffic is compared against a profile of normal behaviour) Types of Response:  Passive measure (log and notify the administrator)  Active measure (block or reset the offending traffic) Conclusion: CLIPNIDS is a Network-based IDS that uses the "Misuse Detection" analysis technique to detect intrusions and "Passive Measures" to respond to them.

Project phases  Inception Phase  Elaboration Phase  Production Phase

Inception Phase  Vision Document 1.0  Project Plan 1.0  Software Quality Assurance Plan  Prototype

Project Requirements Actors identified for Clipnids. Use-Case diagram. Tasks required to achieve the objective of the project.

Actors identified for Clipnids.  Network  Clipnids  System Administrator

Use-Case diagram.

Tasks required to achieve the objective of the project.  Strong knowledge of Linux, C, GNU programming and the Bash scripting language.  Strong knowledge of the GDB tool for debugging.  Migrating the packet-capture code of CLIPNIDS from PCAP to DAQ (the data acquisition library used by current SNORT releases).

 Integrating the latest versions of the decoders and pre-processors from SNORT into CLIPNIDS.  Identifying the version of SNORT from which the current CLIPNIDS decoder and pre-processors were built.  Obtaining the latest version of SNORT.  Good understanding of the CLIPS expert system.  Good understanding of CLIPNIDS and its architecture.  Good understanding of SNORT and its architecture.

 Modifying the "conf.clp" file to alter the configuration settings of CLIPNIDS for the latest pre-processors.  Adding new CLIPS files that incorporate the latest intrusion signatures into the pattern database of CLIPNIDS.
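The misuse-detection and passive-response design described under Background, and the pattern database of signatures that the last task extends, work in the same way: decoded packets become facts, and each signature is a rule that fires when a fact matches it. The following is an added Python sketch of that fact/rule loop for illustration; it is not CLIPNIDS code (which expresses its signatures as CLIPS rules) and the signatures, thresholds and packet records are constructed for the example.

```python
"""Signature (misuse) detection with a passive response, in the style of an
IDS whose pattern database is a set of rules over decoded-packet facts.
Added illustration only; signatures and packets below are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """One decoded packet, i.e. one fact handed to the rule base."""
    src: str
    dst: str
    proto: str
    dport: int
    flags: str = ""        # TCP flags as letters, e.g. "S", "PA"
    payload: bytes = b""


@dataclass
class Signature:
    """One entry of the pattern database: id, message, match predicate."""
    sid: int
    msg: str
    match: Callable[[Packet], bool]


@dataclass
class Alert:
    sid: int
    msg: str
    src: str
    dst: str


# Assumed pattern database: two stateless signatures for known misuse.
SIGNATURES: List[Signature] = [
    Signature(1001, "Telnet connection attempt",
              lambda p: p.proto == "tcp" and p.dport == 23 and "S" in p.flags),
    Signature(1002, "Shell interpreter path in HTTP request",
              lambda p: p.proto == "tcp" and p.dport == 80
              and b"/bin/sh" in p.payload),
]


class MisuseDetector:
    """Matches every packet against the stateless signatures and keeps one
    piece of state (SYN destination ports per src/dst pair) for a port-sweep
    rule, the kind of rule an expert system keeps as facts between packets."""

    def __init__(self, signatures: List[Signature], sweep_threshold: int = 5):
        self.signatures = signatures
        self.sweep_threshold = sweep_threshold
        self.syn_ports: Dict[Tuple[str, str], Set[int]] = {}
        self.alerts: List[Alert] = []

    def process(self, pkt: Packet) -> None:
        for sig in self.signatures:
            if sig.match(pkt):
                self.notify(Alert(sig.sid, sig.msg, pkt.src, pkt.dst))
        if pkt.proto == "tcp" and "S" in pkt.flags:
            ports = self.syn_ports.setdefault((pkt.src, pkt.dst), set())
            ports.add(pkt.dport)
            # Fire exactly once, when the distinct-port count hits the threshold.
            if len(ports) == self.sweep_threshold:
                self.notify(Alert(2001, "TCP port sweep", pkt.src, pkt.dst))

    def notify(self, alert: Alert) -> None:
        """Passive measure: record and report, never block or reset."""
        self.alerts.append(alert)
        print(f"[{alert.sid}] {alert.msg} {alert.src} -> {alert.dst}")


def run_sample() -> List[Alert]:
    """Feed constructed traffic through the detector and return the alerts."""
    attacker, victim = "10.0.0.5", "10.0.0.1"
    packets = [
        Packet(attacker, victim, "tcp", 23, "S"),
        Packet(attacker, victim, "tcp", 80, "PA",
               b"GET /cgi-bin/run?cmd=/bin/sh HTTP/1.0\r\n"),
        Packet(attacker, victim, "tcp", 443, "S"),
        Packet(attacker, victim, "tcp", 22, "S"),
        Packet(attacker, victim, "tcp", 25, "S"),
        Packet(attacker, victim, "tcp", 110, "S"),   # fifth distinct port
        Packet("10.0.0.7", victim, "udp", 53),        # benign DNS query
    ]
    detector = MisuseDetector(SIGNATURES)
    for pkt in packets:
        detector.process(pkt)
    return detector.alerts


if __name__ == "__main__":
    run_sample()
```

The two stateless signatures show why a misuse detector only sees what its pattern database already describes: the DNS packet and any attack without a matching rule pass silently, which is the trade-off the slides accept in exchange for precise, low-false-positive alerts. The sweep rule shows the value of an expert system that retains facts across packets rather than inspecting each one in isolation.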

User Interface

Cost Estimation The COCOMO model (intermediate form, organic mode) is used for the cost estimation of CLIPNIDS. Effort = C1 * EAF * (Size)^P1 (person-months, Size in KLOC) Time = C2 * (Effort)^P2 (months) Organic Mode: C1 = 3.2, C2 = 2.5, P1 = 1.05, P2 = 0.38 EAF (Effort Adjustment Factor) is the product of the cost-driver multipliers listed in the table below.

Parameter  Name (Effort Adjustment Factor)   Value  Level
RELY       Required Reliability              1.00   Nominal
DATA       Database Size                     1.08   High
CPLX       Product Complexity                1.15   High
TIME       Execution Time Constraint         1.11   High
STOR       Main Storage Constraint           1.06   High
VIRT       Virtual Machine Volatility        0.87   Low
TURN       Computer Turnaround Time          1.00   Nominal
ACAP       Analyst Capability                0.86   High
AEXP       Applications Experience           1.00   Nominal
PCAP       Programmer Capability             0.86   High
VEXP       Virtual Machine Experience        1.10   Low
LEXP       Language Experience               0.95   High
MODP       Use of Modern Practices           1.00   Nominal
TOOL       Use of Software Tools             1.00   Nominal
SCED       Required Development Schedule     1.00   Nominal
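The slides give the organic-mode constants and the cost-driver multipliers but not the resulting numbers, so the estimate is worked through here as an added example (not the project's own figures). The multipliers are the slide's values; the size of 10 KLOC is an assumption, since the slides do not state the size of CLIPNIDS.

```python
"""Intermediate COCOMO, organic mode, worked with the cost drivers from the
slide.  Added example; the 10 KLOC size is an assumption."""
from functools import reduce
from typing import Dict

# Organic-mode constants: Effort = C1 * EAF * Size^P1, Time = C2 * Effort^P2
ORGANIC = {"c1": 3.2, "p1": 1.05, "c2": 2.5, "p2": 0.38}

# Cost-driver multipliers exactly as rated on the slide.
COST_DRIVERS: Dict[str, float] = {
    "RELY": 1.00, "DATA": 1.08, "CPLX": 1.15, "TIME": 1.11, "STOR": 1.06,
    "VIRT": 0.87, "TURN": 1.00, "ACAP": 0.86, "AEXP": 1.00, "PCAP": 0.86,
    "VEXP": 1.10, "LEXP": 0.95, "MODP": 1.00, "TOOL": 1.00, "SCED": 1.00,
}


def effort_adjustment_factor(drivers: Dict[str, float]) -> float:
    """EAF is the product of all fifteen multipliers."""
    return reduce(lambda acc, v: acc * v, drivers.values(), 1.0)


def cocomo_estimate(size_kloc: float,
                    drivers: Dict[str, float] = COST_DRIVERS,
                    mode: Dict[str, float] = ORGANIC) -> Dict[str, float]:
    """Return EAF, effort in person-months, schedule in months and the
    average staffing (effort / time) for the given size in KLOC."""
    eaf = effort_adjustment_factor(drivers)
    effort = mode["c1"] * eaf * size_kloc ** mode["p1"]
    time = mode["c2"] * effort ** mode["p2"]
    return {
        "eaf": eaf,
        "effort_pm": effort,
        "time_months": time,
        "avg_staff": effort / time,
    }


if __name__ == "__main__":
    est = cocomo_estimate(10.0)   # assumed size: 10 KLOC
    for key, value in est.items():
        print(f"{key:>12}: {value:.2f}")
```

With the slide's ratings the multipliers nearly cancel (EAF of about 0.98), so the estimate is driven almost entirely by size: the high complexity, timing and storage constraints of a packet-processing engine are offset by the high analyst and programmer capability ratings.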

Effort Estimation – Gantt chart